PRIVACY NOTICE

Purpose

Thank you for using our recruitment website. Because you will be providing us with personal information about you (referred to below as “Personal Data”) we need to ensure you are aware how and why your Personal Data will be used and how long it will usually be retained for.

References to “we” ‘’us’’ ‘’ the Company’’ in this notice means First2Resource Ltd because under the GDPR we are a “Data Controller” This means that we are responsible for deciding how we hold and use personal information about you. This Privacy Notice sets out the way in which we collect and process Personal Data relating to job applications as well as the steps we take to protect your data.  

We will comply with data protection law and principles, which means that your Personal Data will be:

• Used lawfully, fairly and in a transparent way.
• Collected only for specified and legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Adequate, relevant and not excessive in relation to the purposes we have told you about and limited only to those purposes.
• Accurate and, and where necessary, kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.

Processing

The Company shall only process Personal Data if at least one of the following applies:

• The Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
• Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child.

Processing of your Personal Data will be in connection with your application for work, we will collect, store, and use any information you have provided to us as part of your application for positions advertised on this site including your name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications etc.

Due to the legal obligations imposed on us by the Commission Implementing Regulation EU 2015/1998 and the European Aviation Safety Agency by virtue of the “Acceptable means of Compliance and Guidance Material to Part – MED Medical requirements for air crew” and any annexes and documentation issued by the said Agency, we may collect information about your criminal conviction history, as well as store and use the following special categories of personal data in order for us to comply with the legal obligations imposed on us by the said Agency;

• Information about criminal convictions and offences.
• Information about your health, including any medical condition, health, and sickness records. 

We collect personal information about candidates from the following sources:

• You, the candidate, when you enter your identity and contact details to register an account with us and/or when you upload your CV or add other details to your account.
• Disclosure and Barring Service (or other equivalent body providing the same service) in respect of criminal convictions.
• Referees, both work and personal, relating to your suitability for employment or for obtaining appropriate security clearances.

We will use the personal information we collect about you to:

• Assess your skills, qualifications, and suitability for the role you have applied for.
• Carry out background reference or security checks (5 years employment history references), where applicable.
• Communicate with you about the recruitment process.
• Keep records related to our hiring processes.
• Comply with legal or regulatory requirements.
• If successful, to enter into a contract of employment with you.

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

We will only share your personal information with the airlines for whom you have applied to work. Their use of Personal Data is subject to a separate agreement between us and them regulating their use of such information. We require all airlines to respect the security of your personal information and treat it in accordance with the law.

Consent

We understand that consent is valid if it is freely given, specific, informed and an unambiguous indication of your wishes expressed by a statement or by a clear affirmative action. You also have the right to withdraw your consent at any time by contacting us.

When Personal Data can only be processed on the basis of consent, such processing will only be carried out if you have given us consent to do so by checking the appropriate section of our Consent form.

Disclosure of your Personal Data

The Company will pass on your Personal Data to Processors who will process your Personal Data under our instructions.

In case we acquire another business or merge with a third party, they are under the obligation to use your Personal Data in the same way as set out in this Privacy Notice. All Third Parties will respect the security of your Personal Data and will treat it in accordance with GDPR Laws and in accordance to our instructions.

We do not transfer your Personal Data outside the EEA.

Security Measures

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. Third parties will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer (“DPO”)

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Retention

We will retain your personal information for a period of 3 years after the later of (i) you not being offered a position for which you have applied; or (ii) if successful in your application, the termination of your employment, for whatever reason; or (iii) for the purposes of alerting you to alternative positions that may arise in future. If we wish to retain your personal information on file beyond that point, we will write to you separately to ascertain whether you give us consent to continue to hold your details.

We retain your personal information for the above period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

Your rights as a Data Subject

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a “Data Subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information held by the controller to be transferred to another organisation.
• Not be subjected to automated decisions
• Make a complaint if you believe there has been a breach of the GDPR.

The following table outlines the categories of Personal Data which We process, the purpose for which We process such data as Well as the corresponding legal basis used for such processing. It is pertinent to know that the same categories of Personal Data may be processed for different purposes and therefore on the basis of a various legal grounds simultaneously depending on the purpose of processing.

CATEGORIES OF PERSONAL DATA	PURPOSES OF THE PROCESSING	LEGAL BASIS USED FOR PROCESSING
Personal Data: – Name, – Surname, – Mailing address, – Telephone/mobile number, – Email address – Photo, – Passport data Special Categories of Data: – Medical – Criminal record certificate	– To screen potential candidate to our clients. – On-boarding. – To retain Data Subject’s data for our records as per retention period. – To issue letters to Authorities to obtain required contractual documentation. – Marketing purposes.	– Contractual Necessity – Legal Obligation: EU 2015/1998 EASA Part-FCL EASA AMC & GM to Part-MED

Please contact our DPO in order to make a request concerning the above.

Contact Details

We have appointed a DPO to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO. You have the right to make a complaint at any time to the Office of the Information and Data Protection Commissioner, the Maltese supervisory authority for data protection issues. You may contact the IDPC as follows:

By email:	Please complete the form at https: https://idpc.org.mt/en/Pages/Home.aspx
By phone:	(+356) 2328 7100
By post:	Office of the Information and Data Protection Commissioner                                                                    Level 2, Airways House – High Street – Sliema/SLM 1549- Malta

Updates to this Privacy Notice will be posted on this page – please check back from time to time. We may also inform you of any changes where we hold an appropriate email address for you.

Our full details are as follows:

Name	First2 Resource Ltd
Company Number	C49413
Registered Address	MK Business Centre 115A, Floor 2, Valley Road, Malta
DPO	Sintija Sinicka
Tel:	+371 673 51004
Email	sintija@mhcaviation.com

January 2024